policy_sentry 0.8.0.3
Index
A
add_action_without_resource_constraint() (policy_sentry.writing.sid_group.SidGroup method)
add_by_arn_and_access_level() (policy_sentry.writing.sid_group.SidGroup method)
add_by_list_of_actions() (policy_sentry.writing.sid_group.SidGroup method)
add_overrides() (policy_sentry.writing.sid_group.SidGroup method)
add_requested_service_wide() (policy_sentry.writing.sid_group.SidGroup method)
add_wildcard_only_actions() (policy_sentry.writing.sid_group.SidGroup method)
add_wildcard_only_actions_matching_services_and_access_level() (policy_sentry.writing.sid_group.SidGroup method)
analyze_by_access_level() (in module policy_sentry.analysis.analyze)
analyze_statement_by_access_level() (in module policy_sentry.analysis.analyze)
arn_has_colons() (in module policy_sentry.util.arns)
arn_has_slash() (in module policy_sentry.util.arns)
C
check() (in module policy_sentry.writing.validate)
check_actions_schema() (in module policy_sentry.writing.validate)
check_crud_schema() (in module policy_sentry.writing.validate)
check_min_permission_length() (in module policy_sentry.writing.minimize)
create_actions_template() (in module policy_sentry.writing.template)
create_crud_template() (in module policy_sentry.writing.template)
create_policy_sid_namespace() (in module policy_sentry.writing.sid_group)
D
does_arn_match() (in module policy_sentry.util.arns)
G
get_account_from_arn() (in module policy_sentry.util.arns)
get_action_data() (in module policy_sentry.querying.actions)
get_action_name_from_action() (in module policy_sentry.util.actions)
get_actions_at_access_level_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_for_service() (in module policy_sentry.querying.actions)
get_actions_from_json_policy_file() (in module policy_sentry.util.policy_files)
get_actions_from_policy() (in module policy_sentry.util.policy_files)
get_actions_from_statement() (in module policy_sentry.util.policy_files)
get_actions_matching_condition_key() (in module policy_sentry.querying.actions)
get_actions_template_dict() (in module policy_sentry.writing.template)
get_actions_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_with_access_level() (in module policy_sentry.querying.actions)
get_actions_with_arn_type_and_access_level() (in module policy_sentry.querying.actions)
get_all_actions() (in module policy_sentry.querying.all)
get_all_service_prefixes() (in module policy_sentry.querying.all)
get_arn_data() (in module policy_sentry.querying.arns)
get_arn_type_details() (in module policy_sentry.querying.arns)
get_arn_types_for_service() (in module policy_sentry.querying.arns)
get_condition_key_details() (in module policy_sentry.querying.conditions)
get_condition_keys_available_to_raw_arn() (in module policy_sentry.querying.conditions)
get_condition_keys_for_service() (in module policy_sentry.querying.conditions)
get_condition_value_type() (in module policy_sentry.querying.conditions)
get_conditions_for_action_and_raw_arn() (in module policy_sentry.querying.conditions)
get_crud_template_dict() (in module policy_sentry.writing.template)
get_denied_prefixes_from_desired() (in module policy_sentry.writing.minimize)
get_dependent_actions() (in module policy_sentry.querying.actions)
get_full_action_name() (in module policy_sentry.util.actions)
get_lowercase_action_list() (in module policy_sentry.util.actions)
get_partition_from_arn() (in module policy_sentry.util.arns)
get_privilege_info() (in module policy_sentry.querying.actions)
get_raw_arns_for_service() (in module policy_sentry.querying.arns)
get_region_from_arn() (in module policy_sentry.util.arns)
get_rendered_policy() (policy_sentry.writing.sid_group.SidGroup method)
get_resource_from_arn() (in module policy_sentry.util.arns)
get_resource_path_from_arn() (in module policy_sentry.util.arns)
get_resource_string() (in module policy_sentry.util.arns)
get_resource_type_name_with_raw_arn() (in module policy_sentry.querying.arns)
get_service_from_action() (in module policy_sentry.util.actions)
get_service_from_arn() (in module policy_sentry.util.arns)
get_sid() (policy_sentry.writing.sid_group.SidGroup method)
get_sid_group() (policy_sentry.writing.sid_group.SidGroup method)
get_universal_conditions() (policy_sentry.writing.sid_group.SidGroup method)
get_wildcard_only_actions_matching_services_and_access_level() (in module policy_sentry.writing.sid_group)
L
list_sids() (policy_sentry.writing.sid_group.SidGroup method)
M
minimize_statement_actions() (in module policy_sentry.writing.minimize)
P
parse_arn() (in module policy_sentry.util.arns)
parse_arn_for_resource_type() (in module policy_sentry.util.arns)
policy_sentry.analysis.analyze (module)
policy_sentry.querying.actions (module)
policy_sentry.querying.all (module)
policy_sentry.querying.arns (module)
policy_sentry.querying.conditions (module)
policy_sentry.util.actions (module)
policy_sentry.util.arns (module)
policy_sentry.util.file (module)
policy_sentry.util.policy_files (module)
policy_sentry.writing.minimize (module)
policy_sentry.writing.sid_group (module)
policy_sentry.writing.template (module)
policy_sentry.writing.validate (module)
process_template() (policy_sentry.writing.sid_group.SidGroup method)
process_wildcard_only_actions() (policy_sentry.writing.sid_group.SidGroup method)
R
read_yaml_file() (in module policy_sentry.util.file)
remove_actions_duplicated_in_wildcard_arn() (policy_sentry.writing.sid_group.SidGroup method)
remove_actions_not_matching_access_level() (in module policy_sentry.querying.actions)
remove_actions_not_matching_these() (policy_sentry.writing.sid_group.SidGroup method)
remove_actions_that_are_not_wildcard_arn_only() (in module policy_sentry.querying.actions; also in module policy_sentry.writing.sid_group)
remove_sids_with_empty_action_lists() (policy_sentry.writing.sid_group.SidGroup method)
S
SidGroup (class in policy_sentry.writing.sid_group)
V
validate_condition_block() (in module policy_sentry.writing.validate)